Page MenuHomePhabricator
Differential D9365

[avalanche] Add an option to import a delegation
ClosedPublic
Actions

Authored by Fabien on Apr 2 2021, 08:45.

Details

Reviewers
deadalnix
Group Reviewers
Restricted Project
Maniphest Tasks
Restricted Maniphest Task
Commits
rABCbc20bfeeb2f7: [avalanche] Add an option to import a delegation
Summary

The "-avadelegation" option let the user supply an already built
delegation to the node, so the proof can be used without passing the
master private key around.

Depends on D9445.

Ref T1635.

Test Plan
ninja check-functional

Diff Detail

Event Timeline

Fabien created this revision.Apr 2 2021, 08:45
Herald added a reviewer: Restricted Project. · View Herald TranscriptApr 2 2021, 08:45
Fabien requested review of this revision.Apr 2 2021, 08:45
Harbormaster completed remote builds in B15440: Diff 28067.Apr 2 2021, 08:59
deadalnix requested changes to this revision.Apr 3 2021, 19:57
deadalnix added a subscriber: deadalnix.

What problem removing the distinction between master key and session key solves? It seems to me like it's making security of the whole thing worse for no good reason.

src/avalanche/processor.cpp
453 ↗(On Diff #28067)

Why are you making a copy of the whole delegation?

src/init.cpp
1237 ↗(On Diff #28067)

Why? This behavior change doesn't seem to serve any other purpose than adding a special case.

Presumably, the delegation delegates to a key. How is the node supposed to have the corresponding private key?

2480 ↗(On Diff #28067)

It doesn't seem to make sense to me to accept an invalid delegation, then require init.cpp to know that the delegation might be invalid and check it. Why does init.cpp need to know about the delegation at all, past the fact that there is a command line argument about it?

This revision now requires changes to proceed.Apr 3 2021, 19:57
Fabien updated this revision to Diff 28194.Apr 15 2021, 13:32

Revert to original master key/session key intent, rebase on top of D9422 to remove verification from init.cpp

Harbormaster completed remote builds in B15520: Diff 28194.Apr 15 2021, 13:45
deadalnix requested changes to this revision.Apr 20 2021, 00:06
deadalnix added inline comments.
src/avalanche/processor.cpp
227 ↗(On Diff #28194)

You might have built an invalid delegation here, no? What if the provided delegation doesn't match the master key provided?

Most likely, you should check correctness at the end, not in the middle of things.

src/init.cpp
1233 ↗(On Diff #28194)

To the master key. the session key by default is randomly generated, unless specified otherwise.

test/functional/abc_rpc_avalancheproof.py
225 ↗(On Diff #28194)

You get it right in the test, so just set descriptions accordingly.

This revision now requires changes to proceed.Apr 20 2021, 00:06
Fabien updated this revision to Diff 28252.Apr 22 2021, 19:42

Fix missed session key vs master key confusion, reorder the checks to make sure no wrong delegation can be generated

Harbormaster completed remote builds in B15562: Diff 28252.Apr 22 2021, 19:55
deadalnix requested changes to this revision.Apr 23 2021, 16:07
deadalnix added inline comments.
src/avalanche/processor.cpp
259–262 ↗(On Diff #28252)

remove

298 ↗(On Diff #28252)

This seems to be unrelated with what the diff is doing and needs to be in its own diff. The whole design also seems fairly redundant, cutting in bit will make it more obvious where the fat is.

This revision now requires changes to proceed.Apr 23 2021, 16:07
Fabien updated this revision to Diff 28267.Apr 26 2021, 10:13

Remove debug prints, only keep the new option part of the diff. The additional tests will be extracted in a follow up.

Fabien added a child revision: D9445: [avalanche] Check the delegation generated at startup is valid.Apr 26 2021, 10:14
Harbormaster completed remote builds in B15575: Diff 28267.Apr 26 2021, 10:24
deadalnix requested changes to this revision.Apr 26 2021, 20:56
deadalnix added inline comments.
src/avalanche/processor.cpp
261 ↗(On Diff #28267)

In what way? is this actually checking if the delegation is valid? That seems like out of scope for that function. Most likely, the error message is wrong, but the fact I can't tell for sure.

This revision now requires changes to proceed.Apr 26 2021, 20:56
deadalnix mentioned this in D9445: [avalanche] Check the delegation generated at startup is valid.Apr 26 2021, 21:24
Fabien updated this revision to Diff 28306.Apr 29 2021, 12:44

Update the error message

Harbormaster completed remote builds in B15599: Diff 28306.Apr 29 2021, 12:58
deadalnix requested changes to this revision.Apr 29 2021, 14:20
deadalnix added inline comments.
src/avalanche/processor.cpp
258 ↗(On Diff #28306)

What happens when this throws because the delegation is not hex or does not represent a delegation at all?

261 ↗(On Diff #28306)

This is not a new problem here, but none of these errors match the existing style passed down to InitError .

261 ↗(On Diff #28306)

What does it mean that the delegation failed to import? Why? What do I need to do if the node spit that message back to me? I can't even tell from reading this part of the source code, how any users is supposed to be able to do anything with this?

This revision now requires changes to proceed.Apr 29 2021, 14:20
Fabien planned changes to this revision.Jun 4 2021, 20:01
Fabien removed a child revision: D9445: [avalanche] Check the delegation generated at startup is valid.Jun 11 2021, 14:04
Fabien edited the summary of this revision. (Show Details)
Fabien added a task: Restricted Maniphest Task.
Fabien added a parent revision: D9445: [avalanche] Check the delegation generated at startup is valid.
Fabien updated this revision to Diff 28872.Jun 11 2021, 14:06

Rebase. The updated version for this diff and the compagnon D9445 should address all the feedback

Fabien added a child revision: D9668: [avalanche] Check the return value of the delegation addLevel() at startup.Jun 11 2021, 14:14
Harbormaster completed remote builds in B15983: Diff 28872.Jun 11 2021, 14:33
deadalnix added inline comments.Jun 14 2021, 19:14
src/avalanche/processor.cpp
287

Why does the delegation builder goes through a unique_ptr? It doesn't looks like this is necessary.

Fabien added inline comments.Jun 14 2021, 21:59
src/avalanche/processor.cpp
287

I need to use a different constructor depending on whether a delegation is provided or not, then I have some common path that uses this delegation builder. The unique pointer is used to declare the DelegationBuilder outside of the branches scopes.

deadalnix accepted this revision.Jun 15 2021, 12:46
deadalnix added inline comments.
src/avalanche/processor.cpp
287

That sounds like a terrible reason to do it this way.

This revision is now accepted and ready to land.Jun 15 2021, 12:46
Fabien updated this revision to Diff 28931.Jun 16 2021, 04:50

Rebase

Harbormaster completed remote builds in B16021: Diff 28931.Jun 16 2021, 05:03
Closed by commit rABCbc20bfeeb2f7: [avalanche] Add an option to import a delegation (authored by Fabien). · Explain WhyJun 16 2021, 06:42
This revision was automatically updated to reflect the committed changes.
Fabien added a commit: rABCbc20bfeeb2f7: [avalanche] Add an option to import a delegation.

Revision Contents
Changeset List

PathSize
src/
avalanche/
1 line
7 lines
40 lines
6 lines
test/
functional/
40 lines
33 lines

Diff 28872

View Options

src/avalanche/delegation.h

Loading...
View Options

src/avalanche/delegation.cpp

Loading...
View Options

src/avalanche/processor.cpp

Loading...
View Options

src/init.cpp

Loading...
View Options

test/functional/abc_p2p_avalanche.py

Loading...
View Options

test/functional/abc_rpc_avalancheproof.py

Loading...